Use Policy

1. Prohibited uses

You may not use the Schema Models or the Service for any of the following.

1.1 Illegal discrimination

To make or assist with decisions that discriminate against individuals based on protected characteristics (race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable law) in violation of the Equal Credit Opportunity Act, Fair Housing Act, Civil Rights Act, Americans with Disabilities Act, or equivalent laws in other jurisdictions.

1.2 Automated high-stakes decisions without human oversight

To use Schema Model Outputs as the sole basis for automated decisions that significantly affect individuals without meaningful human review. High-stakes decisions include: credit approvals or denials; employment decisions (hiring, firing, promotion, compensation); insurance underwriting or claims; healthcare diagnostics, treatment, or triage; criminal justice risk assessments; housing approvals or denials; and educational admissions or disciplinary decisions.

This implements GDPR Article 22 and the EU AI Act's requirements for high-risk AI systems. Customers deploying a Schema Model in these contexts must implement meaningful human oversight as required by applicable law.

1.3 Reverse engineering and model attacks

You may not attempt to:

• Extract, reproduce, decompile, disassemble, or reverse engineer any Schema Model, including its weights, architecture, training methodology, training data, or internal representations.
• Conduct membership inference attacks designed to determine whether specific data was used in any Schema Model's training.
• Conduct model extraction or model stealing attacks via API query patterns designed to reconstruct any Schema Model.
• Distill any Schema Model into a smaller model or use Schema Model Outputs to train, fine-tune, or otherwise develop a model that competes with the Schema Models.

1.4 Unauthorized redistribution

You may not resell, sublicense, share, or expose API access to any Schema Model to third parties without a separate written agreement with SchemaLabs. This includes building a product or service that provides third-party access to the Schema Models' capabilities without our authorization.

1.5 Circumventing controls

You may not bypass, disable, or interfere with usage quotas, rate limits, access controls, authentication mechanisms, or any other security or operational features of the API or Web App.

1.6 Harmful and illegal applications

You may not use the Schema Models for:

• Fraud, fraud facilitation, or fraud detection evasion
• Money laundering or terrorist financing
• Mass surveillance of individuals
• Weapons development, targeting, or guidance systems
• Generating misleading, deceptive, or manipulative information at scale
• Any application designed to cause physical, financial, psychological, or reputational harm to individuals or groups
• Any application that violates applicable law in the jurisdiction of deployment

1.7 Misrepresentation

You may not:

• Represent Schema Model Outputs as human-generated when the context requires disclosure of AI involvement
• Misrepresent the Schema Models' capabilities, accuracy, or limitations to third parties
• Fail to disclose AI involvement to end users where required by applicable law (including EU AI Act Article 50)

1.8 Prohibited data categories

You may not upload, transmit, or process the following categories of data through the Service unless SchemaLabs has specifically agreed in writing (for example, through a signed Data Processing Agreement or HIPAA Business Associate Agreement):

(a) Special category data under GDPR Article 9. Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health; or data concerning a natural person's sex life or sexual orientation.

(b) Protected Health Information. Information subject to the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, or equivalent laws in other jurisdictions. PHI may be uploaded only after a Business Associate Agreement has been executed between you and SchemaLabs.

(c) Payment card data. Primary Account Numbers (PANs), cardholder data, or sensitive authentication data as defined under the Payment Card Industry Data Security Standard (PCI-DSS).

(d) Government identifiers. Social Security numbers, Taxpayer Identification Numbers, passport numbers, driver's license numbers, national ID numbers, or equivalent government-issued identifiers from any jurisdiction.

(e) Children's data. Personal data of children under sixteen (16) in the European Union, under thirteen (13) in the United States, or under the equivalent age threshold in any other jurisdiction.

(f) Export-controlled or classified data. Technical data subject to the U.S. Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), the EU Dual-Use Regulation, or equivalent regulations in other jurisdictions. Information classified under any government classification regime.

(g) Attorney-client privileged communications or other communications subject to legal professional privilege.

You represent and warrant that the data you upload to the Service does not include any prohibited category in this Section 1.8, unless covered by a specific written agreement with SchemaLabs. Uploading prohibited data is a material breach of this Use Policy and may result in immediate suspension or termination of your account.

1.9 Vulnerability reporting

The prohibitions in Sections 1.3 and 1.5 apply at all times, including to anyone who believes they have identified a vulnerability in the Service. There is no general carve-out from those prohibitions for security research.

Any vulnerability testing, probing, scanning, exploitation, reverse engineering, or related activity against the Service requires advance written authorization from SchemaLabs. Submitting a vulnerability report does not, by itself, constitute or imply such authorization.

The Responsible Disclosure Policy describes how to submit reports of security issues you have become aware of through lawful use of the Service. SchemaLabs reviews each submission internally and may, in its sole discretion, exercise forbearance with respect to a particular submission as described in that Policy. Nothing in this Section or in the Responsible Disclosure Policy is a license, authorization, waiver, release, or covenant not to sue.

2. Customer responsibilities for high-risk deployments

If you deploy a Schema Model in a use case that may qualify as high-risk under the EU AI Act, applicable US state AI laws, or other regulatory frameworks, you are responsible for:

• Notifying SchemaLabs of the high-risk deployment by writing to [email protected]
• Implementing all required human oversight measures
• Conducting any required conformity assessments or algorithmic impact assessments
• Registering the AI system in any applicable regulatory database (including the EU AI database)
• Maintaining documentation sufficient to demonstrate compliance
• Disclosing AI involvement to affected end users where required by law

As the model provider, SchemaLabs will provide reasonable technical documentation and accurate model information to support your compliance obligations on request. As the deployer, you bear responsibility for the specific deployment context.

3. Enforcement

3.1 Investigation

We may investigate suspected violations of this Use Policy. Investigation may include review of API usage patterns, query volumes, and system interactions. We will limit the scope of any investigation to what is reasonably necessary to determine whether a violation has occurred.

Investigation does not include inspection of Customer Data content except where we have a reasonable, documented basis to investigate a specific suspected violation.

3.2 Enforcement actions

Upon determining that a violation has occurred, we may take one or more of the following actions:

• Warning. A written warning identifying the violation and requiring corrective action.
• Suspension. Suspension of access to the Service, in whole or in part. Suspension may be immediate if the violation poses imminent risk of harm. For violations that do not pose imminent risk, we will provide written notice and at least five (5) business days to cure before suspending.
• Termination. Termination of your account and access. Reserved for severe violations, repeated violations after warning, or violations not cured within the specified period.

We will use reasonable judgment in selecting enforcement actions, considering the severity, intent, and impact of the violation. We are not required to follow a sequential escalation process.

3.3 Effect of suspension

During suspension: (a) your Customer Data and Fine-Tuned Checkpoints (also referred to as Customer Endpoints or Model Endpoints) are preserved; (b) you remain liable for fees accruing during the suspension; and (c) you may not create new accounts to circumvent the suspension.

3.4 Appeals

If you believe an enforcement action was taken in error, you may submit a written appeal to [email protected] within ten (10) business days of the action. We will review and respond within ten (10) business days.

4. Reporting violations

If you become aware of any use of a Schema Model or the Service that violates this Use Policy, report it to [email protected].

We will acknowledge receipt of reports within five (5) business days and investigate in good faith. We will not disclose the identity of the reporter to the subject of the report without consent, except where required by law.

5. Changes to this Policy

We may update this Use Policy from time to time. The current version and its effective date are always posted on this page, and you are responsible for checking the website periodically to stay informed of changes. We may, but are not required to, send additional notice of material changes by email or in-app notification. Continued use after the effective date of an update constitutes acceptance.

6. Contact

SchemaLabs, Inc.

• Compliance and abuse reports: [email protected]
• Security: [email protected]